Today we did the switch over and updated the DNS records to route all of the client traffic through Exchange 2016. IE and Edge were fine, but Firefox gave an error:
NS_ERROR_NET_INADEQUATE_SECURITYProtocol issues for web browsers, certificates, and web servers can be tricky. It's hard to track it down with generic error messages like this. So, as an alternative to figuring out the details, I used IIS Crypto from Nartac with the best practices settings on the Exchange 2016 servers. After those were applied all was good. Just apply the settings and reboot.
For more about using the free IIS Crypto to see: